LCOV - code coverage report
Current view: top level - lib - exchange_api_refreshes_reveal.c (source / functions) Hit Total Coverage
Test: GNU Taler exchange coverage report Lines: 109 169 64.5 %
Date: 2021-08-30 06:43:37 Functions: 4 4 100.0 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /*
       2             :   This file is part of TALER
       3             :   Copyright (C) 2015-2021 Taler Systems SA
       4             : 
       5             :   TALER is free software; you can redistribute it and/or modify it under the
       6             :   terms of the GNU General Public License as published by the Free Software
       7             :   Foundation; either version 3, or (at your option) any later version.
       8             : 
       9             :   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
      10             :   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
      11             :   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
      12             : 
      13             :   You should have received a copy of the GNU General Public License along with
      14             :   TALER; see the file COPYING.  If not, see
      15             :   <http://www.gnu.org/licenses/>
      16             : */
      17             : /**
      18             :  * @file lib/exchange_api_refreshes_reveal.c
      19             :  * @brief Implementation of the /refreshes/$RCH/reveal requests
      20             :  * @author Christian Grothoff
      21             :  */
      22             : #include "platform.h"
      23             : #include <jansson.h>
      24             : #include <microhttpd.h> /* just for HTTP status codes */
      25             : #include <gnunet/gnunet_util_lib.h>
      26             : #include <gnunet/gnunet_json_lib.h>
      27             : #include <gnunet/gnunet_curl_lib.h>
      28             : #include "taler_json_lib.h"
      29             : #include "taler_exchange_service.h"
      30             : #include "exchange_api_handle.h"
      31             : #include "taler_signatures.h"
      32             : #include "exchange_api_curl_defaults.h"
      33             : #include "exchange_api_refresh_common.h"
      34             : 
      35             : 
      36             : /**
      37             :  * @brief A /refreshes/$RCH/reveal Handle
      38             :  */
      39             : struct TALER_EXCHANGE_RefreshesRevealHandle
      40             : {
      41             : 
      42             :   /**
      43             :    * The connection to exchange this request handle will use
      44             :    */
      45             :   struct TALER_EXCHANGE_Handle *exchange;
      46             : 
      47             :   /**
      48             :    * The url for this request.
      49             :    */
      50             :   char *url;
      51             : 
      52             :   /**
      53             :    * Context for #TEH_curl_easy_post(). Keeps the data that must
      54             :    * persist for Curl to make the upload.
      55             :    */
      56             :   struct TALER_CURL_PostContext ctx;
      57             : 
      58             :   /**
      59             :    * Handle for the request.
      60             :    */
      61             :   struct GNUNET_CURL_Job *job;
      62             : 
      63             :   /**
      64             :    * Function to call with the result.
      65             :    */
      66             :   TALER_EXCHANGE_RefreshesRevealCallback reveal_cb;
      67             : 
      68             :   /**
      69             :    * Closure for @e reveal_cb.
      70             :    */
      71             :   void *reveal_cb_cls;
      72             : 
      73             :   /**
      74             :    * Actual information about the melt operation.
      75             :    */
      76             :   struct MeltData *md;
      77             : 
      78             :   /**
      79             :    * The index selected by the exchange in cut-and-choose to not be revealed.
      80             :    */
      81             :   uint16_t noreveal_index;
      82             : 
      83             : };
      84             : 
      85             : 
      86             : /**
      87             :  * We got a 200 OK response for the /refreshes/$RCH/reveal operation.
      88             :  * Extract the coin signatures and return them to the caller.
      89             :  * The signatures we get from the exchange is for the blinded value.
      90             :  * Thus, we first must unblind them and then should verify their
      91             :  * validity.
      92             :  *
      93             :  * If everything checks out, we return the unblinded signatures
      94             :  * to the application via the callback.
      95             :  *
      96             :  * @param rrh operation handle
      97             :  * @param json reply from the exchange
      98             :  * @param[out] sigs array of length `num_fresh_coins`, initialized to contain RSA signatures
      99             :  * @return #GNUNET_OK on success, #GNUNET_SYSERR on errors
     100             :  */
     101             : static int
     102           7 : refresh_reveal_ok (struct TALER_EXCHANGE_RefreshesRevealHandle *rrh,
     103             :                    const json_t *json,
     104             :                    struct TALER_DenominationSignature *sigs)
     105             : {
     106             :   json_t *jsona;
     107             :   struct GNUNET_JSON_Specification outer_spec[] = {
     108           7 :     GNUNET_JSON_spec_json ("ev_sigs", &jsona),
     109           7 :     GNUNET_JSON_spec_end ()
     110             :   };
     111             : 
     112           7 :   if (GNUNET_OK !=
     113           7 :       GNUNET_JSON_parse (json,
     114             :                          outer_spec,
     115             :                          NULL, NULL))
     116             :   {
     117           0 :     GNUNET_break_op (0);
     118           0 :     return GNUNET_SYSERR;
     119             :   }
     120           7 :   if (! json_is_array (jsona))
     121             :   {
     122             :     /* We expected an array of coins */
     123           0 :     GNUNET_break_op (0);
     124           0 :     GNUNET_JSON_parse_free (outer_spec);
     125           0 :     return GNUNET_SYSERR;
     126             :   }
     127           7 :   if (rrh->md->num_fresh_coins != json_array_size (jsona))
     128             :   {
     129             :     /* Number of coins generated does not match our expectation */
     130           0 :     GNUNET_break_op (0);
     131           0 :     GNUNET_JSON_parse_free (outer_spec);
     132           0 :     return GNUNET_SYSERR;
     133             :   }
     134          26 :   for (unsigned int i = 0; i<rrh->md->num_fresh_coins; i++)
     135             :   {
     136             :     const struct TALER_PlanchetSecretsP *fc;
     137             :     struct TALER_DenominationPublicKey *pk;
     138             :     json_t *jsonai;
     139             :     struct GNUNET_CRYPTO_RsaSignature *blind_sig;
     140             :     struct TALER_CoinSpendPublicKeyP coin_pub;
     141             :     struct GNUNET_HashCode coin_hash;
     142             :     struct GNUNET_JSON_Specification spec[] = {
     143          19 :       GNUNET_JSON_spec_rsa_signature ("ev_sig", &blind_sig),
     144          19 :       GNUNET_JSON_spec_end ()
     145             :     };
     146             :     struct TALER_FreshCoin coin;
     147             : 
     148          19 :     fc = &rrh->md->fresh_coins[rrh->noreveal_index][i];
     149          19 :     pk = &rrh->md->fresh_pks[i];
     150          19 :     jsonai = json_array_get (jsona, i);
     151          19 :     GNUNET_assert (NULL != jsonai);
     152             : 
     153          19 :     if (GNUNET_OK !=
     154          19 :         GNUNET_JSON_parse (jsonai,
     155             :                            spec,
     156             :                            NULL, NULL))
     157             :     {
     158           0 :       GNUNET_break_op (0);
     159           0 :       GNUNET_JSON_parse_free (outer_spec);
     160           0 :       return GNUNET_SYSERR;
     161             :     }
     162             : 
     163             :     /* needed to verify the signature, and we didn't store it earlier,
     164             :        hence recomputing it here... */
     165          19 :     GNUNET_CRYPTO_eddsa_key_get_public (&fc->coin_priv.eddsa_priv,
     166             :                                         &coin_pub.eddsa_pub);
     167          19 :     GNUNET_CRYPTO_hash (&coin_pub.eddsa_pub,
     168             :                         sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
     169             :                         &coin_hash);
     170          19 :     if (GNUNET_OK !=
     171          19 :         TALER_planchet_to_coin (pk,
     172             :                                 blind_sig,
     173             :                                 fc,
     174             :                                 &coin_hash,
     175             :                                 &coin))
     176             :     {
     177           0 :       GNUNET_break_op (0);
     178           0 :       GNUNET_CRYPTO_rsa_signature_free (blind_sig);
     179           0 :       GNUNET_JSON_parse_free (outer_spec);
     180           0 :       return GNUNET_SYSERR;
     181             :     }
     182          19 :     GNUNET_CRYPTO_rsa_signature_free (blind_sig);
     183          19 :     sigs[i] = coin.sig;
     184             :   }
     185           7 :   GNUNET_JSON_parse_free (outer_spec);
     186           7 :   return GNUNET_OK;
     187             : }
     188             : 
     189             : 
     190             : /**
     191             :  * Function called when we're done processing the
     192             :  * HTTP /refreshes/$RCH/reveal request.
     193             :  *
     194             :  * @param cls the `struct TALER_EXCHANGE_RefreshHandle`
     195             :  * @param response_code HTTP response code, 0 on error
     196             :  * @param response parsed JSON result, NULL on error
     197             :  */
     198             : static void
     199           8 : handle_refresh_reveal_finished (void *cls,
     200             :                                 long response_code,
     201             :                                 const void *response)
     202             : {
     203           8 :   struct TALER_EXCHANGE_RefreshesRevealHandle *rrh = cls;
     204           8 :   const json_t *j = response;
     205           8 :   struct TALER_EXCHANGE_HttpResponse hr = {
     206             :     .reply = j,
     207           8 :     .http_status = (unsigned int) response_code
     208             :   };
     209             : 
     210           8 :   rrh->job = NULL;
     211           8 :   switch (response_code)
     212             :   {
     213           0 :   case 0:
     214           0 :     hr.ec = TALER_EC_GENERIC_INVALID_RESPONSE;
     215           0 :     break;
     216           7 :   case MHD_HTTP_OK:
     217           7 :     {
     218           7 :       struct TALER_DenominationSignature sigs[rrh->md->num_fresh_coins];
     219             :       int ret;
     220             : 
     221           7 :       memset (sigs, 0, sizeof (sigs));
     222           7 :       ret = refresh_reveal_ok (rrh,
     223             :                                j,
     224             :                                sigs);
     225           7 :       if (GNUNET_OK != ret)
     226             :       {
     227           0 :         hr.http_status = 0;
     228           0 :         hr.ec = TALER_EC_GENERIC_REPLY_MALFORMED;
     229             :       }
     230             :       else
     231             :       {
     232           7 :         rrh->reveal_cb (rrh->reveal_cb_cls,
     233             :                         &hr,
     234           7 :                         rrh->md->num_fresh_coins,
     235           7 :                         rrh->md->fresh_coins[rrh->noreveal_index],
     236             :                         sigs);
     237           7 :         rrh->reveal_cb = NULL;
     238             :       }
     239          26 :       for (unsigned int i = 0; i<rrh->md->num_fresh_coins; i++)
     240          19 :         if (NULL != sigs[i].rsa_signature)
     241          19 :           GNUNET_CRYPTO_rsa_signature_free (sigs[i].rsa_signature);
     242           7 :       TALER_EXCHANGE_refreshes_reveal_cancel (rrh);
     243           7 :       return;
     244             :     }
     245           0 :   case MHD_HTTP_BAD_REQUEST:
     246             :     /* This should never happen, either us or the exchange is buggy
     247             :        (or API version conflict); just pass JSON reply to the application */
     248           0 :     hr.ec = TALER_JSON_get_error_code (j);
     249           0 :     hr.hint = TALER_JSON_get_error_hint (j);
     250           0 :     break;
     251           1 :   case MHD_HTTP_CONFLICT:
     252             :     /* Nothing really to verify, exchange says our reveal is inconsistent
     253             :        with our commitment, so either side is buggy; we
     254             :        should pass the JSON reply to the application */
     255           1 :     hr.ec = TALER_JSON_get_error_code (j);
     256           1 :     hr.hint = TALER_JSON_get_error_hint (j);
     257           1 :     break;
     258           0 :   case MHD_HTTP_GONE:
     259             :     /* Server claims key expired or has been revoked */
     260           0 :     hr.ec = TALER_JSON_get_error_code (j);
     261           0 :     hr.hint = TALER_JSON_get_error_hint (j);
     262           0 :     break;
     263           0 :   case MHD_HTTP_INTERNAL_SERVER_ERROR:
     264             :     /* Server had an internal issue; we should retry, but this API
     265             :        leaves this to the application */
     266           0 :     hr.ec = TALER_JSON_get_error_code (j);
     267           0 :     hr.hint = TALER_JSON_get_error_hint (j);
     268           0 :     break;
     269           0 :   default:
     270             :     /* unexpected response code */
     271           0 :     GNUNET_break_op (0);
     272           0 :     hr.ec = TALER_JSON_get_error_code (j);
     273           0 :     hr.hint = TALER_JSON_get_error_hint (j);
     274           0 :     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
     275             :                 "Unexpected response code %u/%d for exchange refreshes reveal\n",
     276             :                 (unsigned int) response_code,
     277             :                 (int) hr.ec);
     278           0 :     break;
     279             :   }
     280           1 :   if (NULL != rrh->reveal_cb)
     281           1 :     rrh->reveal_cb (rrh->reveal_cb_cls,
     282             :                     &hr,
     283             :                     0,
     284             :                     NULL,
     285             :                     NULL);
     286           1 :   TALER_EXCHANGE_refreshes_reveal_cancel (rrh);
     287             : }
     288             : 
     289             : 
     290             : struct TALER_EXCHANGE_RefreshesRevealHandle *
     291           8 : TALER_EXCHANGE_refreshes_reveal (
     292             :   struct TALER_EXCHANGE_Handle *exchange,
     293             :   size_t refresh_data_length,
     294             :   const char *refresh_data,
     295             :   uint32_t noreveal_index,
     296             :   TALER_EXCHANGE_RefreshesRevealCallback reveal_cb,
     297             :   void *reveal_cb_cls)
     298             : {
     299             :   struct TALER_EXCHANGE_RefreshesRevealHandle *rrh;
     300             :   json_t *transfer_privs;
     301             :   json_t *new_denoms_h;
     302             :   json_t *coin_evs;
     303             :   json_t *reveal_obj;
     304             :   json_t *link_sigs;
     305             :   CURL *eh;
     306             :   struct GNUNET_CURL_Context *ctx;
     307             :   struct MeltData *md;
     308             :   struct TALER_TransferPublicKeyP transfer_pub;
     309             :   char arg_str[sizeof (struct TALER_RefreshCommitmentP) * 2 + 32];
     310             : 
     311           8 :   if (noreveal_index >= TALER_CNC_KAPPA)
     312             :   {
     313             :     /* We check this here, as it would be really bad to below just
     314             :        disclose all the transfer keys. Note that this error should
     315             :        have been caught way earlier when the exchange replied, but maybe
     316             :        we had some internal corruption that changed the value... */
     317           0 :     GNUNET_break (0);
     318           0 :     return NULL;
     319             :   }
     320           8 :   if (GNUNET_YES !=
     321           8 :       TEAH_handle_is_ready (exchange))
     322             :   {
     323           0 :     GNUNET_break (0);
     324           0 :     return NULL;
     325             :   }
     326           8 :   md = TALER_EXCHANGE_deserialize_melt_data_ (refresh_data,
     327             :                                               refresh_data_length);
     328           8 :   if (NULL == md)
     329             :   {
     330           0 :     GNUNET_break (0);
     331           0 :     return NULL;
     332             :   }
     333             : 
     334             :   /* now transfer_pub */
     335           8 :   GNUNET_CRYPTO_ecdhe_key_get_public (
     336           8 :     &md->melted_coin.transfer_priv[noreveal_index].ecdhe_priv,
     337             :     &transfer_pub.ecdhe_pub);
     338             : 
     339             :   /* now new_denoms */
     340           8 :   GNUNET_assert (NULL != (new_denoms_h = json_array ()));
     341           8 :   GNUNET_assert (NULL != (coin_evs = json_array ()));
     342           8 :   GNUNET_assert (NULL != (link_sigs = json_array ()));
     343          31 :   for (unsigned int i = 0; i<md->num_fresh_coins; i++)
     344             :   {
     345             :     struct GNUNET_HashCode denom_hash;
     346             :     struct TALER_PlanchetDetail pd;
     347             :     struct GNUNET_HashCode c_hash;
     348             : 
     349          23 :     GNUNET_CRYPTO_rsa_public_key_hash (md->fresh_pks[i].rsa_public_key,
     350             :                                        &denom_hash);
     351          23 :     GNUNET_assert (0 ==
     352             :                    json_array_append_new (new_denoms_h,
     353             :                                           GNUNET_JSON_from_data_auto (
     354             :                                             &denom_hash)));
     355             : 
     356          23 :     if (GNUNET_OK !=
     357          23 :         TALER_planchet_prepare (&md->fresh_pks[i],
     358          23 :                                 &md->fresh_coins[noreveal_index][i],
     359             :                                 &c_hash,
     360             :                                 &pd))
     361             :     {
     362             :       /* This should have been noticed during the preparation stage. */
     363           0 :       GNUNET_break (0);
     364           0 :       json_decref (new_denoms_h);
     365           0 :       json_decref (coin_evs);
     366           0 :       return NULL;
     367             :     }
     368          23 :     GNUNET_assert (0 ==
     369             :                    json_array_append_new (coin_evs,
     370             :                                           GNUNET_JSON_from_data (pd.coin_ev,
     371             :                                                                  pd.coin_ev_size)));
     372             :     {
     373             :       struct TALER_CoinSpendSignatureP link_sig;
     374             : 
     375          23 :       TALER_wallet_link_sign (&denom_hash,
     376             :                               &transfer_pub,
     377          23 :                               pd.coin_ev,
     378             :                               pd.coin_ev_size,
     379          23 :                               &md->melted_coin.coin_priv,
     380             :                               &link_sig);
     381          23 :       GNUNET_assert (0 ==
     382             :                      json_array_append_new (
     383             :                        link_sigs,
     384             :                        GNUNET_JSON_from_data_auto (&link_sig)));
     385             :     }
     386          23 :     GNUNET_free (pd.coin_ev);
     387             :   }
     388             : 
     389             :   /* build array of transfer private keys */
     390           8 :   GNUNET_assert (NULL != (transfer_privs = json_array ()));
     391          32 :   for (unsigned int j = 0; j<TALER_CNC_KAPPA; j++)
     392             :   {
     393          24 :     if (j == noreveal_index)
     394             :     {
     395             :       /* This is crucial: exclude the transfer key for the
     396             :    noreval index! */
     397           8 :       continue;
     398             :     }
     399          16 :     GNUNET_assert (0 ==
     400             :                    json_array_append_new (transfer_privs,
     401             :                                           GNUNET_JSON_from_data_auto (
     402             :                                             &md->melted_coin.transfer_priv[j])));
     403             :   }
     404             : 
     405             :   /* build main JSON request */
     406           8 :   reveal_obj = GNUNET_JSON_PACK (
     407             :     GNUNET_JSON_pack_data_auto ("transfer_pub",
     408             :                                 &transfer_pub),
     409             :     GNUNET_JSON_pack_array_steal ("transfer_privs",
     410             :                                   transfer_privs),
     411             :     GNUNET_JSON_pack_array_steal ("link_sigs",
     412             :                                   link_sigs),
     413             :     GNUNET_JSON_pack_array_steal ("new_denoms_h",
     414             :                                   new_denoms_h),
     415             :     GNUNET_JSON_pack_array_steal ("coin_evs",
     416             :                                   coin_evs));
     417             :   {
     418             :     char pub_str[sizeof (struct TALER_RefreshCommitmentP) * 2];
     419             :     char *end;
     420             : 
     421           8 :     end = GNUNET_STRINGS_data_to_string (&md->rc,
     422             :                                          sizeof (struct
     423             :                                                  TALER_RefreshCommitmentP),
     424             :                                          pub_str,
     425             :                                          sizeof (pub_str));
     426           8 :     *end = '\0';
     427           8 :     GNUNET_snprintf (arg_str,
     428             :                      sizeof (arg_str),
     429             :                      "/refreshes/%s/reveal",
     430             :                      pub_str);
     431             :   }
     432             :   /* finally, we can actually issue the request */
     433           8 :   rrh = GNUNET_new (struct TALER_EXCHANGE_RefreshesRevealHandle);
     434           8 :   rrh->exchange = exchange;
     435           8 :   rrh->noreveal_index = noreveal_index;
     436           8 :   rrh->reveal_cb = reveal_cb;
     437           8 :   rrh->reveal_cb_cls = reveal_cb_cls;
     438           8 :   rrh->md = md;
     439           8 :   rrh->url = TEAH_path_to_url (rrh->exchange,
     440             :                                arg_str);
     441           8 :   if (NULL == rrh->url)
     442             :   {
     443           0 :     json_decref (reveal_obj);
     444           0 :     GNUNET_free (rrh);
     445           0 :     return NULL;
     446             :   }
     447           8 :   eh = TALER_EXCHANGE_curl_easy_get_ (rrh->url);
     448          16 :   if ( (NULL == eh) ||
     449             :        (GNUNET_OK !=
     450           8 :         TALER_curl_easy_post (&rrh->ctx,
     451             :                               eh,
     452             :                               reveal_obj)) )
     453             :   {
     454           0 :     GNUNET_break (0);
     455           0 :     if (NULL != eh)
     456           0 :       curl_easy_cleanup (eh);
     457           0 :     json_decref (reveal_obj);
     458           0 :     GNUNET_free (rrh->url);
     459           0 :     GNUNET_free (rrh);
     460           0 :     return NULL;
     461             :   }
     462           8 :   json_decref (reveal_obj);
     463           8 :   ctx = TEAH_handle_to_context (rrh->exchange);
     464          16 :   rrh->job = GNUNET_CURL_job_add2 (ctx,
     465             :                                    eh,
     466           8 :                                    rrh->ctx.headers,
     467             :                                    &handle_refresh_reveal_finished,
     468             :                                    rrh);
     469           8 :   return rrh;
     470             : }
     471             : 
     472             : 
     473             : void
     474           8 : TALER_EXCHANGE_refreshes_reveal_cancel (
     475             :   struct TALER_EXCHANGE_RefreshesRevealHandle *rrh)
     476             : {
     477           8 :   if (NULL != rrh->job)
     478             :   {
     479           0 :     GNUNET_CURL_job_cancel (rrh->job);
     480           0 :     rrh->job = NULL;
     481             :   }
     482           8 :   GNUNET_free (rrh->url);
     483           8 :   TALER_curl_easy_post_finished (&rrh->ctx);
     484           8 :   TALER_EXCHANGE_free_melt_data_ (rrh->md); /* does not free 'md' itself */
     485           8 :   GNUNET_free (rrh->md);
     486           8 :   GNUNET_free (rrh);
     487           8 : }
     488             : 
     489             : 
     490             : /* exchange_api_refreshes_reveal.c */

Generated by: LCOV version 1.14